Privacy Notice

Personal data protection legislation aims at guarantying that individuals have a high level of control of their private life and personal data. As of May 2018, Regulation (EU) 2016/679 (the General Data Protection Regulation or "GDPR") and the 2002/58/EC Directive (together, and with any other applicable European regulations applicable to the processing and protection of Personal Data) define the applicable legal framework in order to guarantee this level of protection for personal data.

The CMA CGM group undertakes to comply with the European Data Protection Regulations.

To that extent, the terms “we”, “us”, “our” or “CMA CGM” are used to refer to CMA CGM S.A. (“CMA CGM”) and the group of companies constituting CMA CGM’s direct or indirect subsidiaries worldwide, including without limitation, ANL, APL and CNC.

It is equally important that you understand what personal data is collected and how it is used. As such, this Notice is intended to provide you with these facts.

Why do we need it?

We use this information for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

How long do we keep it?

We keep Commercial & accounting data related to you for 10 years in compliance with the French trade law (Article L123-22 alinéa 2 du Code de commerce),or such other longer or shorter period as may be adjusted to comply with any relevant local regulations.

Client service

What personal data do we need?

We collect and process the following categories of personal data in relation to you:

Identity and Contact Details (Name, Surname, Email address, etc.);

Professional Information (Organisation name, position, etc.).

Service Data (details about services and products you have requested or we have provided to you or your organisation).

Marketing data (preferences on receiving marketing information from us and communication channel preferences).

Why do we need it?

To inform you on services, offers, operational matters and rates offers / changes that may be of interest to you and to help us develop new products and services

To develop our business profile and analyse our business trends and profiles;

To evaluate client experience, assess client satisfaction, understand client's requirement and the level of service expected. This may lead to the implementation of local action plans to improve your experience.

To conduct analytics.

We will only provide you with marketing-related information after you have, where legally required to do so, opted-in to receive those communications. We will use your personal information for our legitimate interest to develop our business, provided that this interest is not overridden by your interests or fundamental rights and freedoms. We will give you the opportunity to opt out at any time.

How long do we keep it?

We generally keep Marketing data for three years from the date it was collected after which time the data is deleted. Commercial and contact data may be retained longer to comply with applicable commercial laws.

Website

What personal data do we need?

Using cookies and other tracking software, we automatically collect personal data about you when you access and use our websites, blogs, mobile sites, applications, sponsored content on social media sites (the "Online Information"), and information about the device you use to access the Online Information.

For example, we may collect:

Information about how you view the Online Information (such as the pages you view, the links you click).

Information about your browser, usage patterns (Your IP address, browser type and language) and about the device you use to access the Online Information.

If you connect to us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, and any other information you have agreed it can share or that the social network provides to us.

Why do we need it?

We use this information to monitor and improve our Online Information and business and to help us develop new products and services.

“Cookies” are small text files that store information about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie, and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”). Cookies can make it easier to use a website by allowing servers to access certain information quickly:

Session cookies can be used to help a user’s browser navigate a website more smoothly and may show up if the user comes from a website with which the subsequent website has some relationship (e.g., a website of an affiliated company) and can give helpful information.

Persistent cookies can be used to customize a website for a user, such as by storing language preferences, user location, display settings etc. so that users do not have to re-enter this information each time they visit a website.

Our website may use both session cookies and persistent cookies to store information that allows us to improve our customer service to you and provide you with the ability to navigate the website more easily.

You can set your browser to decline cookies if you prefer (How to guide for Chrome, Firefox, Internet Explorer, Opera, Safari). If you do so, you may not be able to access important functions, areas of our websites or you may not be able to enjoy the convenience of easily navigating our website.

How long we keep it?

Session cookies are deleted once you close your browser window. Persistent cookies generally last for 3 months and up to a maximum of 2 years.

International transfers

Intra group transfers are done in accordance with the Binding Corporate Rules which governs the international transfer and processing of personal data within the Company around the world.

We may use service providers located outside the European Economic Area. Where the recipient is located in a country which has not been deemed by the European Commission to have adequate data protection laws in place, we transfer the personal data using one of the following measures:

Where we use providers based in the USA, we may transfer data to them if they are part of the “Privacy Shield” which requires them to provide similar protection to personal data shared between Europe and the USA. For further details, see European Commission: EU-US Privacy Shield.

Standard Contractual Clauses approved by the European Commission, which give personal data the same protection it has within the European Economic Area. For more information on Standard Contractual Clauses, see European Commission: Standard Contractual Clauses.

Who processes your personal data?

CMA CGM is a shipping and logistic company with offices and associated legal entities across the world. Your personal data may be shared with our offices and associated entities as necessary or appropriate.

We may also use service providers to process your data. In this event, the processings are governed by a contract that complies with the applicable data protection laws and ensure the protection of your rights.

We may disclose information about our clients to third parties in connection with a transaction, such as a merger, or an acquisition of all or a portion of our business, or our acquisition of another business.

What are your rights?

At any time, you may:

request to see your personal data that we have;

request to correct or delete your personal data if you believe it is incorrect;

object to our processing of your personal data or to transfer of your data;

When you contact us, we may seek additional information from you to make sure that the personal data we may possess belongs to you. Once verified, we will evaluate your request and provide you with a response.

Should you be unsatisfied with the answer, should you think that personal data processing does not follow the rules of law, you may file a complaint with the supervisory authority located in your jurisdiction.